A username and password were exposed in the .msmtprc file, which led to
a Kerberos SSH login.
→ Make sure passwords are not hardcoded, or at least make sure they are
obfuscated.
The crontab of the admin user was readable, and the script it ran was also
visible. From it we understood that the contents of an admin-writable
folder were being copied to the home directory of admin. This led to
.k5login spoofing.
→ Permissions for scripts and cron jobs must be set so that only the
owner can access them. Here the script and /var/log/squid must be made
readable and writable only by user admin.
The escalation from admin to root was possible because of the readable
keytab file.
→ There is a clear instruction that the keytab file must have protective
permissions, but the user admin still belonged to the group that had read
access to the keytab file. That file held principal info and permissions
such as admin and changepw for user kadmin, which made it possible for us
to create a user root.
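The three recommendations above can be checked with one permission audit. This is an added example, not part of the original write-up. Assumptions: the keytab is at /etc/krb5.keytab (the MIT Kerberos default), home directories are under /home, and the path of the cron-run script is passed in as a placeholder argument.

```shell
#!/bin/sh
# Added example (not from the original write-up): permission audit for the
# files the write-up names. POSIX sh; modes come from `ls -ld`.

# perm_bits PATH: print the nine rwx characters (symlinks followed); empty if absent.
perm_bits() {
    ls -ldL -- "$1" 2>/dev/null | cut -c2-10
}

# check_private PATH: secrets and privileged scripts must grant group/other nothing.
check_private() {
    bits=$(perm_bits "$1")
    case $bits in
        ''|???------) ;;                   # absent, or owner-only
        *) echo "LOOSE $bits $1" ;;
    esac
}

# check_no_shared_write PATH: must not be writable by group or other.
check_no_shared_write() {
    bits=$(perm_bits "$1")
    case $bits in
        ????w????|???????w?) echo "WRITABLE $bits $1" ;;
    esac
}

# audit ROOT SCRIPT: ROOT is a path prefix ("" for the live system).
# Assumptions: /etc/krb5.keytab (MIT Kerberos default keytab location),
# homes under /home, SCRIPT = path of the cron-run script (placeholder).
audit() {
    root=$1; script=$2
    for f in "$root/etc/krb5.keytab" "$root"/home/*/.msmtprc "$script"; do
        check_private "$f"
    done
    for f in "$root"/home/*/.k5login "$root/var/log/squid"; do
        check_no_shared_write "$f"
    done
}

# Example run on the live system (script path is a placeholder):
# audit "" /path/to/cron-script.sh
```

An empty report means every checked path is owner-only (secrets and script) or free of group/other write access (.k5login and the copied folder).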
FLAGS
User: 9fe92ac9dba259b31b9aab6aa349cad8
Root: 0162c27af602daf43669f6d033ee39ec
THINGS LEARNT
Squid proxy TENTACLE http-proxy - 3128
Kerberos CONCEPTS ONLY Kerberos
Containerized kerberos https://www.confluent.io/blog/containerized-testing-with-kerberos-and-ssh/